Re: [ietf-smtp] guidance on how to secure against sniffing and paid back

On Sun, 15 Sep 2013 16:46:43 -0400, John C Klensin said:

> FWIW, I note that,  a very long time ago, we deprecated the
> explicit source routing for email that would have permitted my
> MUA to specify where the message is to be submitted or what the
> submission server is to use as a next hop on a per-message basis
> and that we've discouraged arbitrary relaying.  If we hadn't
> imposed those restrictions on ourselves (however good the
> reasons), it would be relatively easy to design an MUA that
> would be able to utilize a dozen different submission servers,
> each of which could distribute to a dozen other first-hop relay
> servers, all more or less at random and under MUA control and
> all with encrypted tunnels.  It wouldn't be hard (e.g., by use
> LMTP streams over TLS) to use content encryption up to the
> second server in the path to prevent the submission server from
> storing clear-text content without having to deal with the PKI
> or PGP scaling problems in significant ways.   That would make
> the protection you expect to get from TLS vastly stronger
> because many courts that might issue orders for particular
> messages or message groups on one particular server (or servers
> operated by one company) are loathe to issue orders to multiple
> server operators for messages that _might_ have passed through
> there.
That's basically re-inventing SMTP-over-TOR.

And I suspect the court order issue is a total red herring, as it's
pretty clear that many of the big players in the threat model don't
actually bother worrying about whether they can get a court order
or not.

pgpRVCr2j0OVp.pgp
Description: PGP signature

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp